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(57) Abstract 

In a method and a de- 
vice for partial encryption and 
progressive transmission of im- 
aees. a first section of the im- 
age file is compressed at reduced 
quality without decryption, and 
a second section of the uuage 
file is encrypted. U^shavmg 
access to appropriate decryption 
keywords can decrypt this sec- 
ond section. The first section 
together with the decrypted sec- 
ond section can then be viewed 
as a full quality image. The stor- 
age space required for storing the 
first and section together u ; es- 
sentially the same as the stor- 
age space required for stonng 
the unencrypted full quality im- 
age By using the method and 
device as described herein stor- 
age and bandwidth requirements 
for partially encrypted images is 
reduced. Furthermore, object 
based composition and process- 
ing of encrypted objects are fa- 
cilitated, and ROIs can be en- 
crypted. Also, the shape of a ROI « 
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, be encrypted and the original object can 



be decrypted and restored in the compressed domain. 
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A METHOD AND A DEVICE FOR ENCRYPTION OP IMAGES 

rS^TE— — to a mathoo an, a device for 
encrypting images. 

BACKGROUND OF THE INVENTION AND PRIOR ART 

^tion of digital data is a technical field whxch becomes 
^tant when transmitting and storing secret information - 

available to a user paying for 
information which only shall be avaiian „,,.., 
the information. Thus, several methods for encrypting **** 
Sta are in freguent use. Such methods can also he ™^ 
to digital image data. Examples of encryption methods are ' 
triple DBS and the public-key RSA method. 

Dioital images can be stored on servers and distributed over a 
Compilation „* as digital image ^ 
- distributed using a suits 

sarvice Pf"*"—^" ~ conte!tC it might be suitable to 
their business model. In this ^ 
o££ partial access to~e ---^ _ be 

Tc^U -irr to prevent all users from having full access 
to all image data. 

he offered for sale on the Internet. 
News photographs can e.g. custome rs to download a 

The service provider wants to allow evaluatioia . 
version of the in^ge with reduced quality f or e ^ ^ 

journals that want to publish an image, pay for 
"eThen allowed to download a full guilty image. 

„r, such a service p.vid. wants t 

and download bit rates. An image P*>~ cd _ roMs m given 

r: :: sr. ^£r«r-*s at * 

SS.^' - ^dlr- ts to use the storage 

fpace °n the CD-ROM as efficiently as possible . 
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It is also essential that customers always can access images 
using user friendly, standardised software. Image providers are 
reluctant to design and support special image viewers and 
customers don't want a proliferation of viewing tools. 

Presently, image providers nave to store two versions of the 
images stored. The full quality version is stored as an 
encrypted image file. This means that the image first is 
compressed and stored in a compressed file format such as JPEG 
or Gip The compr essed file is then encrypted using a suitable 
encryption tool and an encrypted image file is stored. The user 
must first decrypt this file and then access the resulting 
compressed image file using an image viewing tool. Reduced 

quality images are produced by processing the full qualxty. 

images in an image- editing program. They are stored as separate 

compressed image files. 

Tbe problems with this solution are that at least two 
versions of the same image heed to be stored, and that both 
Versions must also be transmitted over the networ, » ease of 
remote access in the case a easterner first wants to see the free 
irresolution image before paving for the full resolution 
version. 

This results in a significant disadvantage if the reduced 
— image contains a J^^^J^L-. would 
i^rmation. Images that ax. °«« ^ izy 

in particular * ^\ aetailed pretending of 

<stn.ee iournal eaitors wa^n. f nr 
since j acceP ts only the highest quality for 

the image content and accepts on y re _. ire 10 - 5 0% of the 

printing. The reduced quality image could require 
storage space of the full quality image. 

furthermore, the emerging still 

which is described in Charilaos Christopoulos (ed.) , 

m~^i version 2.0, includes many new 
. verification Model Version . coding 

functionalities m -mp™ ods for creating a 

techniques. They include, m P art ^ ' applica tion domain 

wide range of progressive image formats. 
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can select a suitable progression mode. Individual objects 

images can be accessed separated in toe .PEO =000 
bitstream and progressive transmission can be applred also to 
ejects, in JPEG 2000 tbere is also support for independently 
decodable coding units. 

SUMMARY 

It is an object of the present invention to overcome the 
problems as outlined above and in particular to reduce the 
Tount of memory required for storing an image, which partially 
shall be possible to view, and also to reduce transmission time 
in a transmission scheme transmitting partially encrypted, 
images. 

This object and otbers are obtained by a technique for partial 
encryption abd progressive transmission of images where a frrst 
r=tfon of tbe image file can be decompressed at reduced gualrty 
witbout decryption, i.e. the first low qualxty mage not 
encrypted, and where a second section of the rmage frle rs 
encrypted . 

Thus , users having access to ^^J^^T^ Z 
decrypt this second section. ^J^^ &s & ^ ^ ality 
decrypted second sectxon can then firS t and 

imag e. The storage space ^ 
section together is essentially the same _ 
reouired for storing the unencrypted full quality g 
required ^ dependxng on the 

encryption of the se expan sion of the second 

encryption method, imply a sugau * 

section compared to the unencrypted second sectxon. 

can also be partitioned into multiple sections where 
The rmage can also be P individual encryption 

each section may be encr ™"* ^ be sCored ^encrypted. 
m «hod - ^ ld \ S rtre mXd and Lvtce as described 
M images consl st of a set of . 

herein is that tne v es lt 

domain without performing entropy 
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A reduced quality image can be produced according to several 
different main schemes, such as: 
1} Reduced resolution 

2) Reduced accuracy of the transform coefficients. 

3) Exclusion of predefined regions of interest (ROI) 

These methods can be combined so that a reduced quality image is 
e.g. produced by reducing both the resolution and the accuracy 
of the transform coefficients. 

By using the method and device for storing and transmitting 
image data as described herein, several advantages are obtained. 
Thus, there is no need to store two different versions of an 
image if different users are to have access to different quality 
of the one and same image. Also, transmission times become much 
lower if the information content of the first, low resolution, 
image data can be reused when transmitting the higher resolution 
image data. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will now be described m more detaxl and 
with reference to the accompanying drawings, in which: 

- Fig 1 is a general view of the file structure of an image 

- Pigs. 2a and 2b shows encryption of images coded according to 

the JPEG 2 000 standard. . 

F l7- 3 is a flow chart illustrating some steps earned- out 

when encrypting an image. oroC ess. 

- Fig. 4 is a diagram illustrating a client server process 

- Fig. 5 is a view of an encryption header 

1, the section 101, wmcn i therefore 
resolution image, is coded without encryption 
be possible to decode by any receiver. 
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The section 103, which comprises data, which combined with the 
data of section 101, result in a medium resolution version of 
the high resolution image, is encrypted using a first encryption 
method, and only receivers having access to the correct 
encryption key will be able to decode the data stored m the 
section 103. 

The section 105, which comprises data, which combined with the 
data of section 101 and 103 results in a full resolution version 
of the high resolution image, is encrypted using a second 
encryption method, and only receivers having access to the 
encryption key will be able to decode the data stored xn the 
section 105. 

Thus, decoding of the section 101 will result in a low 
resolution image version 107. Decryption 109 and decoding of the 
section 103 will, comhined with the image data from the section 
!01 result in a medium resolution image 111. Decryption 113 and 
acceding of the section 10S will, combined with the image data 
frofthe sections 101 and 103 result in a full resolution image 
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Furthermore, implementation in the JPEG 2000 standard without 
FurxueiU = , ... tcxA i tppg 2000 verification 

HOi, see Charilaos Christopoulos (ed.) JPEG 2000 

Mod 1 version 2.0, describes how each coding unit o ^ J * 

2000 bitstream can be inserted in the bitstream so that 

range of progressive modes can be supported. 

, Dl 9 n a coding unit is a part of 
Tn JPEG 2000 verification model 2.0, a coan y 

The—ream « T^TZ^ 
subband. in general, a cooing 4 „f„™tion The general 

independently decodable subset of image in* nation . J 
.eehauism for specifying the bitstream order is to i 

called tags that specifies the "^^ Jane "rder is . 

sufficient to specify the subband sine the hi plan ^ 

ta own, . several specific modes « * 'J^L* the bits that 

defines a default coding unit order thus saving 

are needed for inserting explicit tags . 
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in Figs. 2a and 2b block diagrams describing how encryption can 
be implemented in the JPEG 2000 encoder and decoder 
respectively, are shown. 

Thus, in Fig 2a a block diagram where encryption is performed 
after entropy coding in the encoder is shown. Coding units enter 
an entropy coding block 201. In the block 201 coding the coding 
units are entropy coded using some suitable entropy code. The 
output from the block 201 is fed to a selector which selects a 
suitable encryption method for each entropy coded coding unit. 
Some coding units can be selected to not be encrypted at all . 

in response to the selection made in the selector 2 03 the 
entropy coded coding units are encrypted in a block 205. The 
encrypted coding units together with the not encrypted coding 
units then form a combined output data stream, which can be 
stored or transmitted. 

in Fig. 2b a decoder for decoding the bit stream generated by 
the encoder in Fig. 2a is shown. Thus, first encrypted and not 
encrypted coding units enter the decoder via a selector 251, 
which selects a suitable decryption method for each entropy 
coded coding unit, or if the received coding unit is not 
encrypted it is directly transmitted to a block 255. 

m response to the selection made in the selector 255 the 
TJZ ll* coding units are decrypted in a .lock 253 using * 
suitlL decryption algorithm. The decrypted coding units are 

* * , JZ block 255 in the block 255 the coding units 
TZ fed dLe'ly rem -e selector 251 and from the decryption 
block 253 are entropy decoded and combined to form a combined 
output ^stream corresponding to the data stream which is fed 
to the entropy coding block 201 in Fig. 2a. 

>. * ina unit in the transmission scheme as shown in the 
Each coding unit in tne , encrypted block. 

a •;<? handled as an independently encrypu 
Figs. 2a and 2b is hanaiea ith user 

Each co^S -it «- *^ tie iL 9 e 

supplied encryption method. Different 

can be encrypted with different encryption methods. 
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encryption method used can further be an encryption algorithm 
combed with a keyword or a method for generating keywords. . 

Different encryption methods can in such an embodiment have 
identical algorithms but different 

Description (EMD) as shown in Figs. 2a and 2b is any global data 
Zl as session keywords or algorithm identifiers -a-s^eeded 
to specify the Encryption Method. Unit Encryption State (DBS) is 
a symbol that for each coding unit defines how it is encrypted. 

in Fig 3, a flow chart illustrating different steps carried out 
when encrypting an image are shown. First, in a step 301, an^ 
i^ge to be partially encrypted is received. The image, received 
in step 301 is then coded using a coding algorithm generating 
independently decodable coding units, e.g. JPEG 2000, in a step 



303 



Next in a step 305, some of the coding units of the image coded 

iTsteP 303 are encrypted using some suitable encrypt xonmethod, 

f n ES The coding units that are chosen to be encrypted 
such as DES. Tne coamy 

v,o «*t- in accordance with user preferences. Thus, a use 
can be set in accorucm higher order 

have coding units corresponding to ROls, mgx 
chose to have coding Finally , tne encrypted coding units 

bit-planes, etc, encrypted. Finally, y ^ 

,. n „ imits which are not encrypted are mergea 
and the coding units wnxuix 

single bit stream. 

flnu chart illustrating a client-server process, 
in Fig. 4, a flow chart accord ing to the method as 

— emitting an ^ encoded according^ ^ & ^ 

ascribed in - ^ ^ ^ can th en issue 

ru^rs. - — « - a — iar image ' step 



405 



^ relies by transmitting the coding units of the 
The server 403 replies by encrypted 
iffiag e which are not encrypte d; ^ ^ _ ^ ^ 

coding units can be decoded * tne ful i image, 

access to a low resolution vers r, part ^ ^ ^ 

Based on this inform* If so the 
the image in a higher resoiu 
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client transmits a request to the server requesting such 
information, step 4 09. 

The server replies by sending a request to the client requesting 
the client to agree to the conditions for transmitting the 
higher resolution version of the image, step 411. If the client 
agrees via a message 413, e.g. comprising a card number or 
account number from which to bill the cost for the image, the 
server sends the encrypted coding units together with a key word 
by means of which the encrypted coding units can be decrypted, 
step 415. A secure method for key distribution should be used. 
Examples of such secure methods are described in W. Stallings 
"Data and computer Communications-, p 635 -637. Prentice-Hall 
1997 fifth edition ISBN 0-13-571274-2. 

If the client already has access to the unencrypted and 
encrypted coding units, for example if he has purchased a CD-ROM 
with images coded as described herein. The scheme as described 
in conjunction can be modified so that no image data is 
transmitted. Instead the client only agrees to conditions set by 
the server in order to have access to the key word(s) which are 
required to decrypt the encrypted coding units of the CD-ROM. 

in the case when the method and device as described herein is 
used when encoding image according to the JPEG 2000 standard, it 
is advantageous if the JPEG 2 000 standard does not standardise 
encryption methods. An Encryption Header that is included m the 
image header or optionally an Encryption Tag that is merged with 
the JPEG 2000 Tags can instead be used to specify how coding 
units are decrypted. 

in such an embodiment the JPEG 2000 image header contains an 
Encryption Flag (BP) - EF is then set if any coding unit is 
encrypted . to Encryption Header (EH) should then be appended to 
the JPEG 2000 image header and encryption information can 
optionally be merged into JPEG 2000 Tags. 

in Fig. 5 an encryption header is shown. The Encryption Header 
can in such an embodiment contain the following symbols. 

SUBSTITUTE SHEET (RULE 25) 
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1) Encryption Mode (EM) - A set of standard encryption modes are 
defined e.g. 

a) .One encryption, method is used for all coding units 

b) Bitplanes of less significance than bitplane X are encrypted 

c) Subbands of higher resolution than Y are encrypted 

d) ROIs specified in are encrypted, etc. 

No encryption information need to included in the Tags if an EM 
is defined. 

2) Encryption Mode Parameters (EMP) . Parameters (X, Y, ...) that 
axe used to define the Encryption Mode are set here. 

3) Number of encryption methods used. Several encryption methods 
can be used within the same image if e.g. different user groups 
should be allowed to see different image content. 

4) One Encryption Method Descriptor (EMD) for each encryption 
method. The EMD defines any data that is needed by the 
encryption/decryption module. The type of encryption algorithm 
is defined. A typical use of EMD will be to include a keyword 
that is encrypted by a public key algorithm. The user supplies a 
private key for decrypting the enclosed encrypted key. The 
decrypted key is used by a fast decryption algorithm to decrypt 
ixnage coding units. The order of the EMDs allocates an number to 
each encryption method. This number is used in UES symbols. 

5) The bitstream must for each coding unit specify if it is 
encrypted and if so by what method. This is done by setting one 
Unit Encryption State IDES) symbol per coding unit. These 
symbols could either be collected in the encryption header or 
alternatively be distributed in the bitstream as encryptxon 
tags. If the UES information is kept in the encryption header we 

~ ,-vn chafp (fs) ES consists or 

define a header element - Encryption State (ES) . B 

a series of UES symbols that are listed in the same order as. the 
coding units appears in the bit stream. 

IP EF is set and the Encryption State is not given in the 
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header, JPEG 2000 Tags can be expanded to contain Unit 
Encryption State (DBS), symbols. UES defines which encryption 
met hod, if any, that is used for encrypting the next coding 



unit . 



The transform coefficients belonging to a ROI can be handled as 
described above. They can be completely or partially encrypted 
by selecting appropriate coding units belonging to the ROI for 
encryption. 

The main problem is that the shape of the ROI might reveal the 
content. If the shapes are encrypted it is, however, difficult 
to show a reduced quality image since it is difficult to 
interpret the coded transform coefficients. 

This problem can be solved by defining a so called cloaking 
shape (c-shape) . Thus, the real shape of one or several ROIs are 
completely enclosed in the c-shape. The c-shape is designed to 
not reveal sensitive image content. A simple example of a c- 
shape is a bounding box. 

X c-shape is treated as one single ROI in the JPEG ,000 bit 
stream The =-shape is coded without encryption as described rn 
stream, ine verification Model 

Charilaos Chrrstopoulos (ed.). JPEO „ ribed therein 

header. 

hhP r-shaoe and the transform 
A .ask is created usxn g the c shape 

coefficients belongrng to the c shape i ^ 
using the method as descrxbed herein . Thx s -11 
all coefficients belonging to any of the ROIs tha^ 
by the c-shape are encrypted. The texture of the ROIs 
protected by encryption. 

■ — .e ... ■ 

The decoder can now decode the unencrypted backgro 

SUBSTTTUTE SHEET (RULE 26) 
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shape can be displayed as a blank region. The original ROIs can 
be decoded- if the keyword is known. This is done by decrypting 
the coefficients belonging to the c-shape. The shape of each ROI 
belonging to the c-shape is also decrypted. The bitstream can 
now be rearranged so that the c-shape is dropped and the 
original ROI data structures are restored. Note that this xs 
done in the compressed domain. 

The mask that is used for encoding a ROI is not uniquely defined 
in JPEG 2000. A mask that is sufficiently large so that the ROI 
is encoded lossless will often cover the whole lower subbands. A 
m ask that is not allowed to expand will lead to a lossy encoding 
of the ROI. The masks belonging to different ROIs or to a ROI 
and the background can be designed to overlap. This means that 
some coefficients are encoded in more than one ROI. Such 
overlap will lead to a reduced overall compression but the ROIs 
are more independent so that any ROI can be accessed and decoded 
with a good visual result. 

The partial encryption method for KOIs described hereia is not 
lependeat of the choice of *as* as long as the mas* - selected 
' th . content of a ROI caaaot be reconstructed from the 

7nristopouios «.). ,000 Verification Mode! Version 2.0. 

By using the method aad device as described herein storage aad 

reduced.^ ermore b e base ^ ^ 

encrypted ejects are encrypted and the origins! 

^ -tr-a^T- — - - compressed domain. 

■ „ rh.c Pncrvption does not need to be 
Another advantage xs that encrypt i & 

performed at the same time as encoding the xmage- T ^ 
« takes Place in the compressed domaxn (at the 
the process takes pxace ima qes without 

c, m1 - a v, it is possible to encode all images 
bitstream syntax) xc xs p before 

The encryption can be performed 3 ust oero 
encryptxon. The encryp (transC oder) . In this case, 

transmitting the image by a parser (tran 
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Karate which will be the case 
if the encryption increases the bitrate, wm.cn ^ K .^_ 

if the encryption is placed in the TAGS, the increase *» bxtrate 

ir cue cii^ jt> . . j_ onlv added before 

is avoided and the encryption information is oniy 

transmitting it. 
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CLAIMS 

L A method of partially encrypting inage data comprising the 

fcoding'the image data using an encoding algorithm generating 
independently decodable coding units, 

- encrypting at least one of the coding units, and 

- IrX elding units which are not encrypted with coding units 
which are encrypted into a combined bitstream. 

2 . a method according to claim 1, characterised in that the not 
encrypted coding units correspond to a low resolution version of 
•the image data. 

3 A method according to any of claims 1-2, characterised in 
that different coding unite are encrypted using different codang 
methods • 

4 A method according to any of claims 1-3, characterized in 

4. A mem indicates if a coding unxt is 
that an encryption flag, wnicn j. 

encrypted, is inserted in the bit stream. 

* „-i = -i™c: i - 4 when information 

5. A method according to any of claims 1 4 ' w 

a<™ to a Region of interest is encrypted, 
SS2 t « - -pe of the region of interest re 
enclosed in a cloaking shape. 

* r- partial encryption of image data characterized 
6. A device for partial ©n<-ijrF 

^eans for cod., the f-^Z^S^, 
ZZTJZZZ r=r^l ~ — at least 
one of the coding ^'™ > which ire not encrypted with 

- — *« ^ in9 COdln L^tea » a cenoined bitstrean. 
coding units which are encrypted, as co 

to claim 6, characterised by means for 
1;^"^- coding units as units corresponds 
selecting uix image data, 

to a low resolution version of the im g 



PCT/SE99/02106 

WO00/31964 

8 • A device according to any of claims 6 - 7, characterised by 
means for- encrypting different coding units using different 
coding methods. 

9 A device according to any of claims 6-8, characterised by- 
means for inserting an encryption flag, which indicates if a 
coding unit is encrypted, in the bit stream. 

10. A device according to any of claims 6-9, characterised by 
ffi eans for enclosing a region of interest shape in a cloaking 
shape. 
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